Hi Rafael, Why do you have disabled the spamdyke- ip-in-cc-rdns? >#reject-ip-in-cc-rdns
This spamdyke-rule catches about 30% of incoming mails because coming from dynamic addresses. Andreas Am Tuesday 03 November 2009 18:44:15 schrieb Michael Colvin: > > Did anyone else notice that he is missing spam_hits in his config file? > > Does it default to something without it? > > I believe it defaults to "5" or something similar. It would only effect > SpamAssassin anyway, and I've come to not really rely on SpamAssassin to > block most of my spam. SpamDyke catches nearly all of it. If he's getting > a lot of spam through, SpamAssassin is likely not the answer, blocking it > with SpamDyke is. :-) > > Mike > > > HIS: > > cat /var/qmail/control/simcontrol > > > > :clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:. > > :w > > > > mv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.p > > l:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dw > >r > > > > :.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:. > > > > idw:.ipt > > > > MINE: > > # cat /var/qmail/control/simcontrol > > > > :clam=yes,spam=yes,spam_hits=7,attach=.mp3:.src:.bat:.pif:.exe:.com:.cmd: > > :. > > > > dll:.msi:.msp:.reg:.vbe:.vbs:.vxd:.wsc:.wsf:.wsh > > > > See response above; Michael Colvin wrote: > > > Like Eric mentioned, at this point, you need to take a look at the > > > > headers > > > > > of the spam e-mails that your users are getting. You need to find > > > something > > > in the type of e-mails you're getting that you can filter on... > > > > > > Or, as also mentioned, it might be an internal user that is bypassing > > > > some > > > > > of the filtering because they are authenticated... > > > > > > At this point, you need to look at the specific spam, and use specific > > > techniques to filter it, not simply add more RBL's, or blacklists, etc. > > > It's likely that just making one small tweak will eliminate most of > > > your spam. > > > > > > > > > Michael J. Colvin > > > NorCal Internet Services > > > www.norcalisp.com > > > > > >> -----Original Message----- > > >> From: Rafael Andrade [mailto:raf...@riosulense.com.br] > > >> Sent: Tuesday, November 03, 2009 8:50 AM > > >> To: qmailtoaster-list@qmailtoaster.com > > >> Subject: Re: [qmailtoaster] Re: Spam Help Plz > > >> > > >> Hello, Eric and all list, > > >> > > >> First thank u for the answer > > >> > > >> My users receiving lots of spams dont have a specific sender domain, > > >> or default spam type. > > >> > > >> My spamdyke is running see: > > >> > > >> spamdyke-stats /var/log/maillog > > >> Allowed: 35619 > > >> Denied : 140729 > > >> Sum: 176348 > > >> % Spam : 79.80% > > >> > > >> in logfile: > > >> Nov 3 13:48:42 net spamdyke[20038]: DENIED_RBL_MATCH from: > > >> misdirecti...@hamiltoncompany.com to: cristi...@domain.com origin_ip: > > >> 84.153.125.187 origin_rdns: p54997dbb.dip.t-dialin.net auth: (unknown) > > >> > > >> I`m using lots of Rbls to try reduce the spam numbers but not working > > >> correctly. > > >> > > >> Does anybody have some idea? > > >> > > >> > > >> Thanks so much > > >> > > >> Rafael > > >> > > >> Eric Shubert escreveu: > > >> > Rafael Andrade wrote: > > >> >> Hello all, > > >> >> > > >> >> Im using qmailtoaster two years a go, and i`m very satisfied... > > >> >> some days a go my users receiving lots of spams, Tagged in subjects > > >> >> (spamassassin) or not. > > >> >> > > >> >> What could I be making to get better? > > >> >> > > >> >> Actually im using Qmailtoaster + Spamdyke with greylist. > > >> >> > > >> >> Excuse for english. > > >> >> > > >> >> My confs below: > > >> >> > > >> >> cat /etc/tcprules.d/tcp.smtp > > >> >> 127.:allow,RELAYCLIENT="" > > > > 192.168.1.:allow,RELAYCLIENT="",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_ > >R > > > > >> CPTLIMIT="120",CHKUSER_WRONGRCPTLIMIT="10",DKVERIFY="DEGIJ > > > > Kfh",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="",DKSIGN="/var/qmail/co > >n > > > > >> trol/domainkeys/%/private",NOP0FCHECK="1" > > > > xxx.xx.xx.xx:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="12 > >0 > > > > >> ",CHKUSER_WRONGRCPTLIMIT="10",DKVERIFY="DEGIJKfh",QMAILQUE > > > > UE="/var/qmail/bin/simscan",DKQUEUE="",DKSIGN="/var/qmail/control/domaink > >e > > > > >> ys/%/private",NOP0FCHECK="1" > > : > > :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WR > > :O > > : > > >> NGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKSIG > > >> > > >> >> N="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1" > > >> >> > > >> >> cat /var/qmail/control/simcontrol > > : > > :clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:. > > :w > > : > > >> mv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.p > > > > l:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dw > >r > > > > >> :.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:. > > >> : > > >> >> idw:.ipt > > >> >> > > >> >> cat /etc/spamdyke/spamdyke.conf > > >> >> # rbl > > >> >> dns-blacklist-entry=bl.spamcop.net > > >> >> dns-blacklist-entry=zen.spamhaus.org > > >> >> dns-blacklist-entry=dnsbl.sorbs.net > > >> >> dns-blacklist-entry=bogons.cymru.com > > >> >> dns-blacklist-entry=ix.dnsbl.manitu.net > > >> >> dns-blacklist-entry=cbl.abuseat.org > > >> >> dns-blacklist-entry=dnsbl.njabl.org > > >> >> > > >> >> > > >> >> # graylist > > >> >> #graylist-dir=/etc/spamdyke/graylist.d > > >> >> graylist-dir=/home/vpopmail/graylist.d > > >> >> graylist-level=always > > >> >> graylist-max-secs=2678400 > > >> >> graylist-min-secs=180 > > >> >> greeting-delay-secs=5 > > >> >> > > >> >> > > >> >> local-domains-file=/var/qmail/control/rcpthosts > > >> >> #log-level=debug > > >> >> log-level=info > > >> >> log-target=syslog > > >> >> #log-target=stderr > > >> >> max-recipients=50 > > >> >> #policy-url=http://my.policy.explanation.url/ > > >> >> reject-empty-rdns > > >> >> #reject-ip-in-cc-rdns > > >> >> reject-missing-sender-mx > > >> >> reject-unresolvable-rdns > > >> >> tls-certificate-file=/var/qmail/control/servercert.pem > > >> >> # blacklist and whitelist ip > > >> >> ip-blacklist-file=/etc/spamdyke/blacklist_ip > > >> >> ip-whitelist-file=/etc/spamdyke/whitelist_ip > > >> >> > > >> >> # blacklist and whitelist keywords > > >> >> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords > > >> >> ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords > > >> >> > > >> >> # blacklist and whitelist senders > > >> >> sender-blacklist-file=/etc/spamdyke/blacklist_senders > > >> >> sender-whitelist-file=/etc/spamdyke/whitelist_senders > > >> >> > > >> >> # blacklist and whitelist rdns > > >> >> rdns-blacklist-file=/etc/spamdyke/blacklist_rdns > > >> >> rdns-whitelist-file=/etc/spamdyke/whitelist_rdns > > >> >> > > >> >> # whitelist dns > > >> >> dns-whitelist-file=/etc/spamdyke/whitelist_dns > > >> >> > > >> >> # blacklist and whitelist recipients > > >> >> recipient-blacklist-file=/etc/spamdyke/blacklist_recipients > > >> >> recipient-whitelist-file=/etc/spamdyke/whitelist_recipients > > >> >> > > >> >> > > >> >> ------------------------------------------------------------------- > > >> >>- > > > > --- > > > > >> ---------- > > >> > > >> > (Wow - that's a lot of RBLs) > > >> > > > >> > Are you sure that spamdyke's running? > > >> > I like to use > > >> > log-target=stderr > > >> > so I can see spamdyke's messages in the smtp log along with the > > >> > other related messages. Make sure spamdyke is running. > > >> > > > >> > Looks to me like you have the screws turned down pretty tight spam > > >> > wise. I think the next step would be to look at a representative > > >> > sample of the spam you're receiving, to see why it's getting > > >> > through. > > >> > > > >> > Perhaps there is a workstation or server on your network that's been > > >> > compromised and is sending out the spam. Examining the headers of > > >> > the spams you're receiving to see where they originate. > > >> > > >> ---------------------------------------------------------------------- > > >>- > > > > --- > > > > >> ------- > > >> Qmailtoaster is sponsored by Vickers Consulting Group > > >> (www.vickersconsulting.com) > > >> Vickers Consulting Group offers Qmailtoaster support and > > >> installations. > > >> If you need professional help with your setup, contact them > > > > today! > > > > >> ---------------------------------------------------------------------- > > >>- > > > > --- > > > > >> ------- > > >> Please visit qmailtoaster.com for the latest news, updates, and > > >> packages. > > >> > > >> To unsubscribe, e-mail: qmailtoaster-list- > > >> unsubscr...@qmailtoaster.com > > >> For additional commands, e-mail: qmailtoaster-list- > > >> h...@qmailtoaster.com > > > > > > ----------------------------------------------------------------------- > > >- > > > > --------- > > > > > Qmailtoaster is sponsored by Vickers Consulting Group > > > (www.vickersconsulting.com) > > > Vickers Consulting Group offers Qmailtoaster support and > > > installations. > > > If you need professional help with your setup, contact them > > > today! > > > ----------------------------------------------------------------------- > > >- > > > > --------- > > > > > Please visit qmailtoaster.com for the latest news, updates, and > > > packages. > > > > > > To unsubscribe, e-mail: > > > qmailtoaster-list-unsubscr...@qmailtoaster.com > > > For additional commands, e-mail: > > > qmailtoaster-list-h...@qmailtoaster.com > > > > Kent Busbee > > Director of Technology > > Northlake Christian School > > > > > > ------------------------------------------------------------------------- > >- ------- > > Qmailtoaster is sponsored by Vickers Consulting Group > > (www.vickersconsulting.com) > > Vickers Consulting Group offers Qmailtoaster support and > > installations. > > If you need professional help with your setup, contact them today! > > ------------------------------------------------------------------------- > >- ------- > > Please visit qmailtoaster.com for the latest news, updates, and > > packages. > > > > To unsubscribe, e-mail: qmailtoaster-list- > > unsubscr...@qmailtoaster.com > > For additional commands, e-mail: qmailtoaster-list- > > h...@qmailtoaster.com > > --------------------------------------------------------------------------- >------ Qmailtoaster is sponsored by Vickers Consulting Group > (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster > support and installations. If you need professional help with your setup, > contact them today! > --------------------------------------------------------------------------- >------ Please visit qmailtoaster.com for the latest news, updates, and > packages. > > To unsubscribe, e-mail: > qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, > e-mail: qmailtoaster-list-h...@qmailtoaster.com --------------------------------------------------------------------------------- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --------------------------------------------------------------------------------- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
